Re: 7 Day Call for Consensus March 17, 2016 ARIA Working Group Resolutions

I spoke with Brett Lewis at Freedom Scientific and he agreed with the solution that if a password role were applied that rather that echoing they keys typed or speaking stars for each character typed that they need to echo the character *rendered*. He also had no issues with making this an author MUST for ATs because of the security issues. Users will also need to be made aware that if they run across a password field and the characters spoken, while typing, match their password that there are exposed to a security risk. 

So, the net, net of this is that if we can get the ATVs to agree to this then this would solve all the issues related to a role=“password”. 


Rich Schwerdtfeger

> On Mar 29, 2016, at 4:01 PM, Joseph Scheuhammer <> wrote:
> On 2016-03-29 1:10 PM, Cynthia Shelly wrote:
>> The password role does not prevent accessing the content of the
>> password field from script.
> Somewhat tangential, but the same is true for an html5 password
> <input>.  Its @value attribute contains the password in plain text.
> -- 
> ;;;;joseph.
> 'Die Wahrheit ist Irgendwo da Draußen. Wieder.'
>                 - C. Carter -

Received on Thursday, 31 March 2016 16:21:26 UTC